InformationRestrict access to the Azure AD administration portal to administrators only.
NOTE: This only affects access to the Azure AD administrator's web portal. This setting does not prohibit privileged users from using other methods such as Rest API or Powershell to obtain sensitive information from Azure AD.
The Azure AD administrative portal has sensitive data and permission settings. All non-administrators should be prohibited from accessing any Azure AD data in the administration portal to avoid exposure.
All administrative tasks will need to be done by Administrators, causing additional overhead in management of users and resources.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
SolutionFrom Azure Portal
From Azure Home select the Portal Menu
Select Azure Active Directory
Select User settings
Set Restrict access to Azure AD administration portal to Yes
Please note that at this point of time, there is no Azure CLI or other API commands available to programmatically conduct security configuration for this recommendation.
By default, Restrict access to Azure AD administration portal is set to No